Hi Matt,
I do have an example for SSH with a RADIUS server. Here’s a simple example for freeradius.
First, edit /etc/freeradius/clients.conf and add the following:
client 192.168.1.1 {
    secret = MY_KEY
    nastype = cisco
    shortname = SW1
}
The switch is using IP address 192.168.1.1 and the secret key between freeradius and the switch will be “MY_KEY”.
And add the following to the /etc/freeradius/users file:
MY_USER Cleartext-Password := "MY_PASSWORD"
        Service-Type = NAS-Prompt-User,
        Cisco-AVPair = "shell:priv-lvl=15"
On your switch (or router) you need to add the following commands (I’m assuming you already configured SSH):
aaa new-model
aaa authentication login SSH group radius local
radius-server host 192.168.1.100 auth-port 1812 acct-port 1813 key MY_KEY
line vty 0 4
 login authentication SSH
Once you SSH into the switch, it will check the radius server. If it fails, it will fall back to local authentication.
The configuration on the APs is a bit different. Cisco has an example that should be 99% similar:
Rene
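
A consistency check for the two configurations in the post above, as an added example that is not part of the original reply: it confirms that the switch's RADIUS key matches the secret in clients.conf and that the login method list applied to the vty lines is actually defined. The function names are hypothetical, the sample inputs are constructed from the snippets above, and it assumes line sub-commands are indented by one space as in `show running-config` output.

```python
import re

# Constructed sample inputs, copied from the snippets in the post above.
CLIENTS_CONF = """\
client 192.168.1.1 {
    secret = MY_KEY
    nastype = cisco
    shortname = SW1
}
"""
IOS_CONFIG = """\
aaa new-model
aaa authentication login SSH group radius local
radius-server host 192.168.1.100 auth-port 1812 acct-port 1813 key MY_KEY
line vty 0 4
 login authentication SSH
"""

def parse_clients(text):
    """Map each client address in clients.conf to its shared secret."""
    clients = {}
    for addr, body in re.findall(r"client\s+(\S+)\s*\{(.*?)\}", text, re.S):
        m = re.search(r"^\s*secret\s*=\s*(\S+)", body, re.M)
        clients[addr] = m.group(1) if m else None
    return clients

def check(clients_conf, ios_config, switch_ip):
    """Return a list of mismatches; secrets are never echoed in messages."""
    problems = []
    secret = parse_clients(clients_conf).get(switch_ip)
    if secret is None:
        problems.append(f"no client entry with a secret for {switch_ip}")
    keys = re.findall(r"^radius-server host \S+.*\bkey (\S+)", ios_config, re.M)
    if not keys:
        problems.append("no radius-server host line with a key")
    elif secret is not None and any(k != secret for k in keys):
        problems.append("radius-server key does not match clients.conf secret")
    defined = set(re.findall(r"^aaa authentication login (\S+)", ios_config, re.M))
    applied = set(re.findall(r"^ login authentication (\S+)", ios_config, re.M))
    for name in sorted(applied - defined):
        problems.append(f"line uses undefined method list {name!r}")
    for name in sorted(defined - applied - {"default"}):
        problems.append(f"method list {name!r} is defined but not applied")
    return problems

if __name__ == "__main__":
    print(check(CLIENTS_CONF, IOS_CONFIG, "192.168.1.1") or "configurations agree")
```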